[.06] Causes sandboxes to not delete
I have found (using 4.01.05) that I can cause "System" to have locks on the 2 Reghive files in a sandbox just by sandboxing a program that is not listed in the Start/Run Restrictions list.
With these programs in the list:
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,flashgot.exe
Sandboxing Notepad gives:
2013-04-11 18:09:18 SBIE1308 Program cannot start due to restrictions - notepad.exe [Test_Start_Run]
2013-04-11 18:09:18 SBIE2314 Canceling process notepad.exe
Double-clicking the SBIE2222 line to allow Notepad to run gives:
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,flashgot.exe,notepad.exe
With no programs running at this time, and the sandbox set to auto-delete, delete contents fails (not renamed).
Manual Delete Contents is unable to delete contents due to "System" locks.
Notepad will run the next time it's tried, but when the program ends the sandbox still cannot be renamed or deleted.
So far, I've had to reboot to delete the contents of the 3 sandboxes that I've tried this with.
-----
[Test_Start_Run]
Enabled=y
ConfigLevel=7
AutoRecover=y
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
NotifyStartRunAccessDenied=y
AutoDelete=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,flashgot.exe
ClosedIpcPath=!<StartRunAccess>,*
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
I can reproduce this on XP and W7 32-bit. I am seeing the same messages as Guest10 when I right-click on a file and choose to run it sandboxed in a sandbox where the file does not have Start/Run access. The sandbox doesn't delete when it closes even though it is set to delete on closing, and Reghive files remain in the sandbox.
Bo
Had the same problem using 4.01.05. I have gone back to version 3.76 and no problem with deletion. Windows 7 64bit. (Just wanted to add that I have KB2813170 update installed and 3.76 is working o.k.)
Along with Windows 7 64 bit also have MBAM pro, MSE, Windows firewall, UAC and my browser is Pale Moon with NoScript and Adblock plus Macrium Reflect as backup.
Last edited by w0lfrun on Fri Apr 12, 2013 2:53 pm, edited 1 time in total.
Ahh, I hadn't seen this thread before, and I just had the RegHive locked/in use when trying to manually delete the sandbox before upgrading to .06... I thought that was odd, since I think I've only had that previously if Regedit was open (or maybe open to the particular RegHive) when the sandbox became inactive. Turns out I accidentally tried to run more.com yesterday when I only have *.exe allowed to start, so I guess that's why. Nice find Guest10!
And I never want to restart for any reason if I can help it, so I was able to fix it by manually unloading the Sandbox_..._... hive from Regedit.
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days?
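The no-reboot workaround from the post above (unloading the leftover sandbox hive) as a PowerShell sketch. This is an added example, not part of any post in this thread and not Sandboxie tooling. It assumes the box hive is mounted under HKEY_USERS with a name of the form Sandbox_<user>_<box>; the function names are hypothetical.

```powershell
# Added example, not Sandboxie's own tooling. Run from an elevated prompt.
# Assumption: each box's RegHive is mounted under HKEY_USERS as
# Sandbox_<user>_<box>.

function Get-SandboxHive {
    # Return the names of mounted hives that look like sandbox hives.
    # GetSubKeyNames() returns plain strings, so this session opens no
    # handle on the hive that could itself block the unload.
    param([string]$BoxName = '*')
    [Microsoft.Win32.Registry]::Users.GetSubKeyNames() |
        Where-Object { $_ -like "Sandbox_*_$BoxName" }
}

function Dismount-SandboxHive {
    # Unload the leftover hive(s) for one box. Only use this when nothing is
    # running in that box: unloading the hive under a live sandboxed program
    # takes its registry away.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$BoxName)

    foreach ($hive in Get-SandboxHive -BoxName $BoxName) {
        # The wildcard can match more than one hive (box names may contain
        # underscores), so every unload goes through -WhatIf / -Confirm.
        if ($PSCmdlet.ShouldProcess("HKU\$hive", 'reg unload')) {
            & reg.exe unload "HKU\$hive" 2>$null | Out-Null
            [pscustomobject]@{
                Hive     = $hive
                Unloaded = ($LASTEXITCODE -eq 0)
            }
        }
    }
}

# 1. Read-only: list sandbox hives that are still mounted.
Get-SandboxHive

# 2. Preview the unload for the box used in this thread. Remove -WhatIf to
#    perform it, then retry Delete Contents on the sandbox.
Dismount-SandboxHive -BoxName 'Test_Start_Run' -WhatIf
```

If `Unloaded` comes back `False`, some process still holds the hive open (for example Regedit positioned inside it) and the sandbox folder will remain locked.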